Have found a security issue in Symfony? Send the details to
security [at] symfony.com and don't
disclose it publicly until we can provide a fix for it.
Manage your notification preferences to receive an email as soon as a Symfony security release is published.
Symfony UX CVE-2025-47946: Unsanitized HTML attribute injection via ComponentAttributes
May 19, 2025
#Security Advisories
👍 2
Twig CVE-2025-24374: Missing output escaping for the null coalesce operator
January 29, 2025
#Security Advisories
👍 1
Update for CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient
November 13, 2024
#Security Advisories
❤️ 1
CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie
November 13, 2024
#Security Advisories
👀 2
👍 4
🚀 1
Twig CVE-2024-51754: Unguarded calls to __toString() in a sandbox when an object is in an array or an argument list
November 6, 2024
#Security Advisories
🚀 1
Twig CVE-2024-51755: Unguarded calls to __isset() and to array-accesses in a sandbox
November 6, 2024
#Security Advisories
👀 1
CVE-2024-50341: Security::login does not take into account custom user_checker
November 6, 2024
#Security Advisories
🚀 2
CVE-2024-50345: Open redirect via browser-sanitized URLs
November 6, 2024
#Security Advisories
🚀 2
CVE-2024-50343: Incorrect response from Validator when input ends with `\n`
November 6, 2024
#Security Advisories
CVE-2024-51736: Command execution hijack on Windows with Process class
November 6, 2024
#Security Advisories